Security

Security | News, how-tos, features, reviews, and videos

6 tips for receiving and responding to third-party security disclosures

Your first notification of your next breach or significant threat might come from outside your organization. Have these preparations in place to effectively and quickly respond to inbound security intelligence.

7 new social engineering tactics threat actors are using now

Old tactics in new packages lead the list of current social engineering attacks. Experts provide real-world examples.

How data poisoning attacks corrupt machine learning models

Data poisoning is a type of attack that involves tampering with and polluting a machine learning model's training data, impacting the model's ability to produce accurate predictions.

Zero days explained: How unknown vulnerabilities become gateways for attackers

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. The name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before...

4 steps to better security hygiene and posture management

Increasing scale and complexity have made keeping up with security hygiene and posture management cumbersome and error prone, leaving organizations exposed. Here's what leading CISOs are doing to close the gap.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

What is IAM? Identity and access management explained

IAM products provide IT managers with tools and technologies for controlling user access to critical information within an organization.

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

video

How to reset the Kerberos password in Active Directory

Changing the Kerberos password will help prevent golden ticket attacks on Active Directory.

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims' LinkedIn profiles.

Coca-Cola trade secret theft underscores importance of insider threat early detection

A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company.

What's next for encryption if the RSA algorithm is broken?

A recent, yet-to-be-proven paper claiming to have found a way to "destroy the RSA cryptosystem" has cryptographers asking what might replace it.

The SolarWinds hack timeline: Who knew what, and when?

Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software.

New US CISO appointments, March 2021

Keep up with news of CSO, CISO and other senior security executive appointments.

video

Keeping a remote workforce secure: Lessons learned, tips for the future

CSO’s Lucian Constantin joins Computerworld’s Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is...

How the CISO role is evolving

The chief information security officer (CISO) is the executive responsible for an organization's information and data security. Learn what it takes to land a CISO job and how to be successful in the role.

What are phishing kits? Web components of phishing attacks explained

A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization.
